Ruleset Update Summary - 2022/12/27 - v10205

rulesbot · December 27, 2022, 9:43pm

Summary:

18 new OPEN, 20 new PRO (18 + 2)

Thanks @0xrb, @ViriBack, @DuskRiseInc, @_CPResearch_, NoahWolf

The Emerging Threats mailing list is migrating to Discourse. Please visit us at https://community.emergingthreats.net

We will announce the mailing list retirement date in the near future.

Added rules:

Open:

2043008 - ET ADWARE_PUP Win32/Atshz.A Checkin (adware_pup.rules)
2043009 - ET ADWARE_PUP Win32/Atshz.A Checkin M2 (adware_pup.rules)
2043010 - ET EXPLOIT Possible Cacti Unauthenticated RCE Inbound M1 (CVE-2022-46169) (exploit.rules)
2043011 - ET EXPLOIT Possible Cacti Unauthenticated RCE Inbound M2 (CVE-2022-46169) (exploit.rules)
2043012 - ET MALWARE Antinum WebSockets Start (malware.rules)
2043013 - ET MALWARE Antinum HTTP Checkin (malware.rules)
2043014 - ET MALWARE Win32/Drokbk Checkin Activity (GET) (malware.rules)
2043015 - ET MALWARE CloudAtlas APT Related Domain in DNS Lookup (malware.rules)
2043016 - ET MALWARE CloudAtlas APT Related Domain in DNS Lookup (malware.rules)
2043017 - ET MALWARE Aurora Stealer Admin Console In HTTP Response (malware.rules)
2043018 - ET MALWARE Observed DNS Query to Alibaba2044 Domain (service-fatturecloud .de) (malware.rules)
2043019 - ET MALWARE Observed DNS Query to Alibaba2044 Domain (utente .service-fatturecloud .de) (malware.rules)
2043020 - ET MALWARE Observed DNS Query to Alibaba2044 Domain (downloadpdf-fattura .de) (malware.rules)
2043021 - ET PHISHING Facebook Credential Phish Landing Page 2022-12-27 (phishing.rules)
2043022 - ET PHISHING Generic Credential Phish Landing Page 2022-12-27 (phishing.rules)
2043023 - ET MALWARE TA444/Lazarus Related Domain in DNS Lookup (thedoodles .site) (malware.rules)
2043024 - ET MALWARE SocGholish Domain in DNS Lookup (people .fl2wealth .com) (malware.rules)
2043025 - ET MALWARE SocGholish Domain in DNS Lookup (taxes .rpacx .com) (malware.rules)

Pro:

2852982 - ETPRO PHISHING Twitter Phish Landing Page 2022-12-23 (phishing.rules)
2852983 - ETPRO PHISHING Successful Twitter Credential Phish 2022-12-23 (phishing.rules)

Modified active rules:

2810290 - ETPRO MALWARE NanoCore RAT Keepalive Response 1 (malware.rules)

Removed rules:

2042766 - ET INFO localtunnel Tunneling Domain in DNS Lookup (localtunnel .me) (info.rules)
2830630 - ETPRO ADWARE_PUP Win32/Atshz.A Checkin (adware_pup.rules)
2830631 - ETPRO ADWARE_PUP Win32/Atshz.A Checkin M2 (adware_pup.rules)

Topic	Replies	Views
Ruleset Update Summary - 2023/01/05 - v10212 Ruleset Updates	316	January 5, 2023
Ruleset Update Summary - 2023/01/19 - v10224 Ruleset Updates	372	January 19, 2023
Ruleset Update Summary - 2023/01/11 - v10217 Ruleset Updates	283	January 11, 2023
Ruleset Update Summary - 2023/01/31 - v10233 Ruleset Updates	345	January 31, 2023
Ruleset Update Summary - 2023/02/22 - v10250 Ruleset Updates	361	February 22, 2023